Within the field of computing, many scenarios involve a system that provides access to a database. In many such scenarios, the database comprises a set of tables respectively representing a type of data object, where the respective tables comprise a set of fields or columns that represent various properties of the type of data object represented by the table. The respective tables also comprise a set of records that respectively represent an instance of the data object, where the respective records store a value for the respective fields of the table. Databases of many varieties may be generally structured in this manner, including relational databases, key/value stores, hierarchical data sets such as Extensible Markup Language (XML) documents, object databases, and document-oriented storage systems.
In many such scenarios, some records of the database may be interrelated, wherein, for a particular field of a first table, the records of the table store a value that corresponds to an identifier of a record of a different table. For example, a first table may comprise a foreign key relation field, where some referencing records are related through the foreign key relation field to referenced records of a second table. The referencing is often accomplished by storing a value in the foreign key relation field for the respective records that corresponds to an identifier (such as a unique or distinctive key) of a particular record of the referenced table. Many such databases alternatively permit such records to store a non-reference value in the foreign key relation field, such as a null value indicating that a particular record of the referencing table is not related to any record in the referenced table.
In many such database scenarios, the system allows one or more requesters (such as entities, users, devices, applications, or processes) to access to the database. Access is often provided via a query engine, wherein a requester submits a query that identifies the types of records that are desired. Queries are often formulated and evaluated according to a query language, such as a variant of the Structured Query Language (SQL). Often, the system evaluates the query to formulate a response, comprising the records and/or portions thereof that satisfy the details of the query. Additionally, many systems may enable particular portions of the database to be secured, such that data is provided in response to queries only if submitted by an authorized requester, and queries submitted by other requesters are denied in compliance with the security parameters. For example, a large enterprise may include a variety of companies or units that are respectively permitted to access only a specific subset of the tables, table fields, and/or records of the database. Often, the system utilizes a security policy that specifies the details of the database security, such as which portions of the database are secured; the requesters who are permitted and/or restricted to access such portions; the types of access that requesters are authorized to request, such as read, update, delete, and query requests; and mechanisms whereby such requesters may authenticate an identity, such as username and password credentials or a cryptographic security token.